This paper, written by Anton Chuvakin, covers some of the other mistakes that often occur when organizations try to use encryption to protect data-at-rest and data-in-transit and thus improve their security posture.

In this white paper, submitted by GFI, they explore how the uncontrolled use of portable storage devices such as iPods, USB sticks, flash drives and PDS's, coupled with data theft technizues such as 'pod slurping', can lead to major security breaches.

Shreeraj Shah has updated an older contribution that describes some of the queries that can be run against SEARCH.MSN in order to fetch
important information that would eventually help in web application assessment as well as a tool he has developed to assist in this process.

This output places all results for a single host on a single line, making it easier to use with other command line tools and scripting. This format is not well documented and therefore not well understood.

NetBait™ acts as an additional layer of defense, diverting intruders from your real systems and directing them to controlled pseudo-networks. NetBait creates these environments by projecting a diversionary picture...real network nodes surrounded by multiples of 'fake' NetBait Nodes or 'targets'.

Driftnet is a nifty little application for Linux that reconstructs image files in a data stream (from a sniffer, etc.) and displays them on a screen.
This how-to deals with putting up a version of Driftnet that not only works on wireless, but works also with dumpfiles.

Kaspersky Labs has successfully branded itself as a leader in multi-platform anti-virus products. Though many IT decision makers neglect to protect their UNIX systems from viruses, research done by Kaspersky Labs indicates that Linux may be just as prone to viruses as Microsoft operating systems.

Some security tools have been developed to fake Nmap in its OS Fingerprinting purpose. This paper describes different solutions to defeat Nmap and behave like another chosen operating system, as well as a demonstration on how can be accomplished.

Describing the tools used by hackers to gain backdoor access to your IIS web servers, this paper details the necessary steps to detect successful intrusions on your network, as well as explaining how to prevent such attacks to your web server.

This paper, written by Frank Isaacs, discusses different methods of deploying VNC with an emphasis on the security considerations of each method, and the tradeoffs associated with the convenience of each method.

The paper, submitted by Anoop MS, discusses public key cryptography and its use in applications such as Key Agreement, Data Encryption and Digital Signature. The paper discusses some public key algorithms such as DH, RSA, DSA, ECDH and ECDSA and also gives mathematical explanations on the working of these algorithms. The paper also gives a brief introduction to modular arithmetic, which is the core arithmetic of almost all public key algorithms.

This is an off subject paper that I agreed to publish to give our minds a quick break from buffer overflows and Microsoft. This contribution from Robert Sauls discusses new advancements in weapons, vehicles, and other technology that the armed forces use to fight the enemy.

In this paper, submitted by Nick Hutton of 360is, we learn how to mitigate some of the risks and reduce the costs associated with implementation of Security Event Management systems, arguably among the most complex and highest profile information security projects undertaken today.

This paper, written by Hemil Shah, discusses Nessus, Nasl, how to write your own Nasl scripts, what applications are needed to write nasl scripts, Loading nasl scripts into the nessus server, Configuration parameters used in nasl scripts, reporting techniques and Few debugging tips.

This document compares the architectural approaches to implementing an effective enterprise rights management (ERM) system, namely tethered and untethered models. The document attempts to explore the advantages and disadvantages of both approaches and the impact the two models have on a corporate installation of such a system.

This paper, written by Anoop MS, gives an introduction to elliptic curve cryptography (ECC) and how it is used in the implementation of digital signature (ECDSA) and key agreement (ECDH) Algorithms. He also discusses the implementation of ECC on two finite fields, prime field and binary field. This paper also gives an overview of ECC implementation on different coordinate systems called the projective coordinate systems and the basics of prime and binary field arithmetic.

This white paper, written by Matthew Simiana, examines why having multiple anti-virus scanners at mail server level substantially reduces the chance of virus infection and explores ways in which this can be achieved.

This whitepaper, submitted by Third Brigade, looks at the security challenges faced by organizations and explains how Host Intrusion Prevention (HIP) plays a critical role in an organization’s overall security strategy.

This paper, submitted by Alice Pierce of LockLizard, covers why encryption is not enough to protect your electronic documents and why other factors such as the implementation of the system are equally important.

Validy is a software publisher whose research and development activity began in 1991. Since its foundation, Validy has directed its research towards IT security, which has today become a crucial component in personal, infrastructure and economic security.